author | Dan Peebles <pumpkin@me.com> | 2017-11-14 10:36:04 -0500 |
---|---|---|
committer | Dan Peebles <pumpkin@me.com> | 2017-11-14 10:36:04 -0500 |
commit | 49a5791bc4f201c118f7f22f07f232d8f3e6a7de (patch) | |
tree | e745ff7cb60a4cde4f6e948af467a05f1614de63 /pkgs/stdenv/darwin/default.nix | |
parent | 762a05cbb637352fa794d2e7a55018627ae76cc5 (diff) | |
darwin.stdenv: fix up to allow sandboxing
Diffstat (limited to 'pkgs/stdenv/darwin/default.nix')
-rw-r--r-- | pkgs/stdenv/darwin/default.nix | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix index 36fa474b431..ea1848492cd 100644 --- a/pkgs/stdenv/darwin/default.nix +++ b/pkgs/stdenv/darwin/default.nix @@ -21,9 +21,11 @@ assert crossSystem == null; let inherit (localSystem) system platform; - libSystemProfile = '' - (import "${./standard-sandbox.sb}") - ''; + commonImpureHostDeps = [ + "/bin/sh" + "/usr/lib/libSystem.B.dylib" + "/usr/lib/system/libunc.dylib" # This ependency is "hidden", so our scanning code doesn't pick it up + ]; in rec { commonPreHook = '' export NIX_ENFORCE_PURITY="''${NIX_ENFORCE_PURITY-1}" @@ -37,11 +39,6 @@ in rec { export gl_cv_func_getcwd_abort_bug=no ''; - # The one dependency of /bin/sh :( - binShClosure = '' - (allow file-read* (literal "/usr/lib/libncurses.5.4.dylib")) - ''; - bootstrapTools = derivation rec { inherit system; @@ -53,7 +50,7 @@ in rec { reexportedLibrariesFile = ../../os-specific/darwin/apple-source-releases/Libsystem/reexported_libraries; - __sandboxProfile = binShClosure + libSystemProfile; + __impureHostDeps = commonImpureHostDeps; }; stageFun = step: last: {shell ? "${bootstrapTools}/bin/bash", @@ -108,8 +105,8 @@ in rec { }; # The stdenvs themselves don't use mkDerivation, so I need to specify this here - stdenvSandboxProfile = binShClosure + libSystemProfile; - extraSandboxProfile = binShClosure + libSystemProfile; + __stdenvImpureHostDeps = commonImpureHostDeps; + __extraImpureHostDeps = commonImpureHostDeps; extraAttrs = { inherit platform; @@ -167,7 +164,7 @@ in rec { }; stage1 = prevStage: let - persistent = _: _: {}; + persistent = _: super: { python = super.python.override { configd = null; }; }; in with prevStage; stageFun 1 prevStage { extraPreHook = "export NIX_CFLAGS_COMPILE+=\" -F${bootstrapTools}/Library/Frameworks\""; extraNativeBuildInputs = []; 
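Review bot: The new `commonImpureHostDeps` list in the first hunk opens three host paths to sandboxed builds, but only the last entry says why it is there, and that comment has a typo. These files live outside the store, so nothing pins their content; I would head the list with `# Host files readable inside the sandbox; not content-addressed, keep this list minimal` and correct the entry comment to `# This dependency is "hidden", so our scanning code doesn't pick it up`. The list also has no counterpart for `/usr/lib/libncurses.5.4.dylib`, which the removed `binShClosure` allowed; presumably the scanning that comment mentions reaches it through `/bin/sh`, but that is not visible here, so it is worth confirming with a sandboxed bootstrap build. Because the same list feeds `__stdenvImpureHostDeps` and `__extraImpureHostDeps` in the hunks starting at new lines 105 and 314, any entry added later appears to widen the sandbox for every build that uses these stdenvs.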
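Review bot: The `stage1` overlay in the hunk starting at new line 164 now builds `python` with `configd = null`, and nothing in the hunk says why. A one-line comment above `persistent` giving the reason would help, since a nulled dependency with no explanation is easy to restore or drop by mistake later. The same `super.python.override { configd = null; }` expression is repeated for `darwin.xnu` in the last hunk (starting at new line 361); a shared `let` binding would keep the two from drifting apart. The body of `stage1` continues past the end of the hunk.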
@@ -317,8 +314,8 @@ in rec { export PATH_LOCALE=${pkgs.darwin.locale}/share/locale ''; - stdenvSandboxProfile = binShClosure + libSystemProfile; - extraSandboxProfile = binShClosure + libSystemProfile; + __stdenvImpureHostDeps = commonImpureHostDeps; + __extraImpureHostDeps = commonImpureHostDeps; initialPath = import ../common-path.nix { inherit pkgs; }; shell = "${pkgs.bash}/bin/bash"; @@ -364,6 +361,10 @@ in rec { clang = cc; llvmPackages = persistent'.llvmPackages // { clang = cc; }; inherit cc; + + darwin = super.darwin // { + xnu = super.darwin.xnu.override { python = super.python.override { configd = null; }; }; + }; }; }; |